Miroslav Stampar
82e1e61554
minor speedup
2011-07-23 19:51:19 +00:00
Miroslav Stampar
094dc91e2d
minor update (prior to some changes regarding large content retrieval)
2011-07-23 19:04:59 +00:00
Miroslav Stampar
a89140e1ce
revisit of Oracle error-based payloads (added replace for '@' as a problematic char for XMLType function)
2011-07-23 06:07:00 +00:00
Miroslav Stampar
8a00ca83af
refactoring. nothing special changed
2011-07-21 10:18:11 +00:00
Miroslav Stampar
963f54e6d2
minor fix for parameters containing '=' inside values itself (remark: no parameter name will have '=' nor '%3d' inside; tested and it does a good job)
2011-07-21 10:06:52 +00:00
Miroslav Stampar
7881ded60d
quick fix (this other library was doing problems)
2011-07-20 22:20:16 +00:00
Bernardo Damele
d6b52242c7
Meterpreter's sniffer extension freezes 64-bit systems
...
Meterpreter's priv extension is loaded by default since Metasploit 3.5 or so.
There is no shellcodeexec 64-bit yet, anyway as the Metasploit payload is encoded with a 32-bit encoded (alphanumeric), it's all fine.
2011-07-20 13:50:02 +00:00
Bernardo Damele
5a1c9a42a3
Minor bug fix
2011-07-20 13:45:34 +00:00
Bernardo Damele
29b5115906
Minor bug fix
2011-07-20 13:28:10 +00:00
Miroslav Stampar
9d996c07fb
another quick fix
2011-07-20 13:00:34 +00:00
Miroslav Stampar
fad77dd078
fix for a ImportError bug reported by g@brindi.si
2011-07-20 12:18:36 +00:00
Miroslav Stampar
9cf33ec997
now status is no longer represented in percentage (impossible in cases where we need to support too small and too large dictionaries - technical issues regarding counting) but by the rotating char
2011-07-15 13:24:13 +00:00
Miroslav Stampar
ff8fc90ac7
bug fix
2011-07-13 06:44:15 +00:00
Miroslav Stampar
9c694ce3ec
bug fix (--tables --columns)
2011-07-12 23:27:47 +00:00
Miroslav Stampar
5c162efbd8
more optimization
2011-07-12 23:21:15 +00:00
Miroslav Stampar
9933edc718
optimization of reflective removal mechanism
2011-07-12 22:28:19 +00:00
Miroslav Stampar
4cb9988243
quick fix
2011-07-12 21:09:33 +00:00
Bernardo Damele
cda25cda2f
Cosmetics
2011-07-12 20:49:27 +00:00
Miroslav Stampar
3583d6dd1b
quick fixes, more work to do
2011-07-12 20:32:19 +00:00
Miroslav Stampar
0126b8eb0e
minor revert (it's illegal to use append for updating one array with another array)
2011-07-12 19:34:54 +00:00
Bernardo Damele
48b7245a33
Minor bug fix
2011-07-12 15:47:04 +00:00
Bernardo Damele
0b8c6e4c81
Minor bug fix
2011-07-12 15:30:40 +00:00
Bernardo Damele
eeb4436471
renamed
2011-07-12 12:48:15 +00:00
Bernardo Damele
42c5bab013
renamed
2011-07-11 23:37:10 +00:00
Miroslav Stampar
a46b5230f5
minor "patch"
2011-07-11 20:33:16 +00:00
Miroslav Stampar
1f826684f6
disabling multiprocessing (maybe permanently) support for Windows as of complications with sharing dictionary iterator
2011-07-11 13:16:59 +00:00
Miroslav Stampar
7bc6280d53
possible fix for a multi-processing "problem" reported by christopher.oakley@gmail.com
2011-07-11 11:40:27 +00:00
Bernardo Damele
4ae71fd5f4
Updated docstring
2011-07-11 10:39:30 +00:00
Bernardo Damele
86d28947aa
updated
2011-07-11 10:07:36 +00:00
Bernardo Damele
2b6b80d7f8
Updated docstring
2011-07-11 10:04:19 +00:00
Bernardo Damele
c9e6fc7695
Added new tamper script, tamper/space2mssqlblank.py from RS
2011-07-11 09:49:58 +00:00
Bernardo Damele
e47f873fa4
Renamed space2extrarandomblank.py to space2mysqlblank.py
2011-07-11 09:49:03 +00:00
Bernardo Damele
c9ba58acb6
Moved MS Access UNION query tests after generic as generic test must identify MSSQL
2011-07-11 09:47:52 +00:00
Bernardo Damele
1e1f429668
Minor minor fix
2011-07-11 09:22:47 +00:00
Miroslav Stampar
5014475637
minor update (changing form of payload[i+1] with payload[i+1:i+2] which is much safer for not crashing the script with invalid char index)
2011-07-11 09:22:29 +00:00
Miroslav Stampar
7a6bddf811
minor fixes pointed by RS
2011-07-11 09:08:24 +00:00
Miroslav Stampar
f5e45bf113
quick fix for a bug reported by jovon.itwaru@gmail.com
2011-07-11 08:54:39 +00:00
Miroslav Stampar
98958f8808
minor minor update
2011-07-10 15:41:45 +00:00
Miroslav Stampar
0d6afca7db
adding new switch '--smart' by request
2011-07-10 15:16:58 +00:00
Miroslav Stampar
5d31eb5ef7
cosmetics and also tested against testing env - works perfectly
2011-07-10 09:07:07 +00:00
Miroslav Stampar
b3acaf85d8
minor update
2011-07-10 08:58:55 +00:00
Miroslav Stampar
eb42cedf2a
adding extractvalue MySQL >= 5.1 error payload ( http://www.notsosecure.com/folder2/2010/06/29/mysql-exploitation-with-error-messages/ ) - untested (lack of particular ver for testing) and prone to level/risk adjustment
2011-07-10 08:54:22 +00:00
Miroslav Stampar
b7433011f8
new tamper script by request
2011-07-08 22:48:03 +00:00
Miroslav Stampar
1e182e6c72
quick fix
2011-07-08 22:34:44 +00:00
Bernardo Damele
05cb65b106
Added one more tamper script from Roberto Salgado and minor adjustment to others
2011-07-08 13:43:34 +00:00
Bernardo Damele
3985a81cb9
Update email addresses
2011-07-08 13:39:47 +00:00
Bernardo Damele
651349e229
More verbose critical message
2011-07-08 13:12:53 +00:00
Bernardo Damele
062c156fc0
Added another tamper script from Roberto Salgado
2011-07-08 11:03:14 +00:00
Miroslav Stampar
93219b9e13
i've accidentally left table_schema removed while doing some tests. now it should be ok
2011-07-08 10:24:46 +00:00
Bernardo Damele
b5dd4d4a63
Minor bug fix for Microsoft Access case expressions (like --common-tables) in UNION query SQL injection
2011-07-08 10:19:01 +00:00